CVE-2015-1269 - 7PK - Security Features vulnerability in Google Chrome
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN

Summary
The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string that (1) ends in a . (dot) character or (2) is not entirely lowercase.
Nessus
- NASL family: Windows
  NASL id: GOOGLE_CHROME_43_0_2357_130.NASL
  description: The version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.130. It is, therefore, affected by multiple vulnerabilities:
    - A scheme validation error exists in WebUI. A remote attacker can exploit this to have an unspecified impact. (CVE-2015-1266)
    - A cross-origin bypass vulnerability exists in Blink due to an unspecified flaw that is triggered when handling the creation context passed through public APIs. A remote attacker can exploit this to bypass the cross-origin policy. (CVE-2015-1267)
    - A cross-origin bypass vulnerability exists in Blink due to an unspecified flaw in its V8 bindings. A remote attacker can exploit this to bypass the cross-origin policy. (CVE-2015-1268)
    - A normalization bypass vulnerability exists in the HSTS/HPKP preload list. A remote attacker can exploit this to bypass HSTS/HPKP preloads and have a connection use HTTP instead of the expected HTTPS. (CVE-2015-1269)
    Note that Nessus has not tested for these issues but has instead relied only on the application
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 84342
  published: 2015-06-23
  reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/84342
  title: Google Chrome < 43.0.2357.130 Multiple Vulnerabilities

- NASL family: Red Hat Local Security Checks
  NASL id: REDHAT-RHSA-2015-1188.NASL
  description: Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Chromium is an open source web browser, powered by WebKit (Blink). Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. (CVE-2015-1266, CVE-2015-1267, CVE-2015-1268, CVE-2015-1269) All Chromium users should upgrade to these updated packages, which contain Chromium version 43.0.2357.130, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
  last seen: 2020-05-31
  modified: 2015-06-26
  plugin id: 84420
  published: 2015-06-26
  reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/84420
  title: RHEL 6 : chromium-browser (RHSA-2015:1188)

- NASL family: Gentoo Local Security Checks
  NASL id: GENTOO_GLSA-201507-18.NASL
  description: The remote host is affected by the vulnerability described in GLSA-201507-18 (Chromium: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could bypass security restrictions. Workaround: There is no known workaround at this time.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 86087
  published: 2015-09-23
  reporter: This script is Copyright (C) 2015 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/86087
  title: GLSA-201507-18 : Chromium: Multiple vulnerabilities

- NASL family: SuSE Local Security Checks
  NASL id: OPENSUSE-2015-449.NASL
  description: chromium was updated to 43.0.2357.130 to fix several security issues and bugs. The following vulnerabilities were fixed:
    - CVE-2015-1266: Scheme validation error in WebUI
    - CVE-2015-1268: Cross-origin bypass in Blink
    - CVE-2015-1267: Cross-origin bypass in Blink
    - CVE-2015-1269: Normalization error in HSTS/HPKP preload list
    - boo#935022: Prevent Chromium from downloading a binary blob for speech recognition
    Contains the following non-security changes:
    - Resolved browser font magnification/scaling issue.
    - Fixed an issue where sometimes a blank page would print
    - Icons not displaying properly on Linux
  last seen: 2020-06-05
  modified: 2015-06-26
  plugin id: 84415
  published: 2015-06-26
  reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/84415
  title: openSUSE Security Update : chromium (openSUSE-2015-449)

- NASL family: MacOS X Local Security Checks
  NASL id: MACOSX_GOOGLE_CHROME_43_0_2357_130.NASL
  description: The version of Google Chrome installed on the remote Mac OS X host is prior to 43.0.2357.130. It is, therefore, affected by multiple vulnerabilities:
    - A scheme validation error exists in WebUI. A remote attacker can exploit this to have an unspecified impact. (CVE-2015-1266)
    - A cross-origin bypass vulnerability exists in Blink due to an unspecified flaw that is triggered when handling the creation context passed through public APIs. A remote attacker can exploit this to bypass the cross-origin policy. (CVE-2015-1267)
    - A cross-origin bypass vulnerability exists in Blink due to an unspecified flaw in its V8 bindings. A remote attacker can exploit this to bypass the cross-origin policy. (CVE-2015-1268)
    - A normalization bypass vulnerability exists in the HSTS/HPKP preload list. A remote attacker can exploit this to bypass HSTS/HPKP preloads and have a connection use HTTP instead of the expected HTTPS. (CVE-2015-1269)
    Note that Nessus has not tested for these issues but has instead relied only on the application
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 84343
  published: 2015-06-23
  reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/84343
  title: Google Chrome < 43.0.2357.130 Multiple Vulnerabilities (Mac OS X)

- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DSA-3315.NASL
  description: Several vulnerabilities were discovered in the chromium web browser.
    - CVE-2015-1266 Intended access restrictions could be bypassed for certain URLs like chrome://gpu.
    - CVE-2015-1267 A way to bypass the Same Origin Policy was discovered.
    - CVE-2015-1268 Mariusz Mlynski also discovered a way to bypass the Same Origin Policy.
    - CVE-2015-1269 Mike Rudy discovered that hostnames were not properly compared in the HTTP Strict Transport Policy and HTTP Public Key Pinning features, which could allow those access restrictions to be bypassed.
    - CVE-2015-1270 Atte Kettunen discovered an uninitialized memory read in the ICU library.
    - CVE-2015-1271 cloudfuzzer discovered a buffer overflow in the pdfium library.
    - CVE-2015-1272 Chamal de Silva discovered race conditions in the GPU process implementation.
    - CVE-2015-1273 makosoft discovered a buffer overflow in openjpeg, which is used by the pdfium library embedded in chromium.
    - CVE-2015-1274 andrewm.bpi discovered that the auto-open list allowed certain file types to be executed immediately after download.
    - CVE-2015-1276 Colin Payne discovered a use-after-free issue in the IndexedDB implementation.
    - CVE-2015-1277 SkyLined discovered a use-after-free issue in chromium
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 84992
  published: 2015-07-27
  reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/84992
  title: Debian DSA-3315-1 : chromium-browser - security update

- NASL family: FreeBSD Local Security Checks
  NASL id: FREEBSD_PKG_D46ED7B8191211E59FDF00262D5ED8EE.NASL
  description: Google Chrome Releases reports: 4 security fixes in this release:
    - [464922] High CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous.
    - [494640] High CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
    - [497507] Medium CVE-2015-1267: Cross-origin bypass in Blink. Credit to anonymous.
    - [461481] Medium CVE-2015-1269: Normalization error in HSTS/HPKP preload list. Credit to Mike Ruddy.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 84327
  published: 2015-06-23
  reporter: This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/84327
  title: FreeBSD : www/chromium -- multiple vulnerabilities (d46ed7b8-1912-11e5-9fdf-00262d5ed8ee)

- NASL family: Ubuntu Local Security Checks
  NASL id: UBUNTU_USN-2652-1.NASL
  description: It was discovered that Chromium did not properly consider the scheme when determining whether a URL is associated with a WebUI SiteInstance. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-1266) It was discovered that Blink did not properly restrict the creation context during creation of a DOM wrapper. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1267, CVE-2015-1268) It was discovered that Chromium did not properly canonicalize DNS hostnames before comparing to HSTS or HPKP preload entries. An attacker could potentially exploit this to bypass intended access restrictions. (CVE-2015-1269). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 84487
  published: 2015-07-01
  reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/84487
  title: Ubuntu 14.04 LTS / 14.10 / 15.04 : oxide-qt vulnerabilities (USN-2652-1)
References
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00012.html
- http://www.securitytracker.com/id/1032731
- http://www.securityfocus.com/bid/75336
- https://codereview.chromium.org/1149753002
- http://www.ubuntu.com/usn/USN-2652-1
- http://rhn.redhat.com/errata/RHSA-2015-1188.html
- http://lists.opensuse.org/opensuse-updates/2015-06/msg00057.html
- http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html
- https://security.gentoo.org/glsa/201507-18
- https://code.google.com/p/chromium/issues/detail?id=461481
- http://www.debian.org/security/2015/dsa-3315